Information Security Office (ISO) Product Security Risk Manager - Principal Associate
Company: Capital One
Location: Fredericksburg
Posted on: November 13, 2024
Job Description:
Center 3 (19075), United States of America, McLean,
Virginia
Information Security Office (ISO) Product Security Risk
Manager - Principal Associate
Capital One is one of the fastest
growing organizations in the world today. The growth of the
business is being accelerated by leveraging innovative and emerging
technologies. We are serious about technology, we dream big, and we
execute: Capital One moved our entire enterprise to the public
cloud over the course of five years, fully exiting our data
centers. Just as we prioritize driving innovation through
technology, we equally prioritize cybersecurity and managing
technology risk.
Cybersecurity Risk professionals at Capital One are trusted expert
advisers who shape decisions, challenge activities to ensure they
meet our standards, and generally oversee technology,
cybersecurity, and information security risk across the business
and the central technology organization.
Cybersecurity risk and analysis plays a critical role in ensuring
that the company's risk-taking entities are aware of the risks
inherent in their activities and decisions, the impact of their
actions on the company at an enterprise level, and opportunities to
reduce, mitigate, or avoid the risks altogether. Associates are
highly-skilled and have a wealth of experience and a demonstrated
ability to provide value-added recommendations and deliver
high-impact results in the cybersecurity domain areas.
As an associate in Capital One's Cyber Information Security Office,
you will work with top talent in an entrepreneurial environment to
solve problems and drive solutions to help the company reduce cyber
risk. You will work with smart and passionate people to deliver
results that have a direct impact on the company's cyber risk
portfolio. You will be challenged to excel alongside the brightest
talent in the industry and be rewarded for your achievements. The
demands and high-visibility nature of this position require an
expert with a proven ability to work independently in a fast-paced
environment and who can begin contributing immediately.
Job Responsibilities:
Analyze and interpret industry standards, regulations, and best
practices to develop risk management tooling to identify cyber risk
trends, gap analysis, or maturity opportunities
Normalize and translate cyber risks at the organizational level to
support a fully integrated, prioritized, enterprise-wide view of
organizational risks to drive strategic and business decisions
Use risk profiles and dynamic reporting mechanisms to incorporate
cybersecurity risk information into the organization's enterprise
risk management program and to provide a fully integrated,
prioritized, enterprise-wide view of organizational risks to drive
strategic and business decisions
Help to enhance cyber risk management processes across Capital One
by providing thought leadership, oversight, and coordination with
other risk management activities across the company
Aggregate and evaluate risks, develop and maintain a risk register,
perform risk analysis and quantification to enumerate top risks and
provide risk reporting
Perform operational cyber risk assessments, identifying inherent
risks, determining control suite effectiveness, and residual
risk
Analyze information to proactively identify risks, trends, and
process improvements; supporting reporting on risk topics to
management
Assist and drive project and program delivery, including project
and process management, reporting, engagement in senior leadership
meetings, drafting and reviewing materials for senior management
and the Board of directors, and other governance activities
Build successful relationships with Tech, Cyber, and Enterprise
Risk to understand the impact of cyber risk on business
processes
Participate in risk and other management forums and contribute to
continuous improvement of risk and project or program management
practices
Candidates for this role will have:
Deep understanding of risk management principles, expertise in
assessing cybersecurity controls, and a strong technical
background
Experience in risk evaluation or assessment methodologies, risk
analysis, and risk reporting
Self-prioritize and effectively plan your own work activities
managing multiple priorities and tasks across the team to deliver
quality results. Proactively take on additional work to support the
team when possible
Establish and maintain good working relationships during
engagement. Effectively communicate information and project process
to team and other stakeholders involved
Advanced skill presenting findings, conclusions, alternatives, and
information clearly and concisely
Basic Qualifications:
High School Diploma, GED, or equivalent certification
At least 3 years of experience in project management leading cross
functional projects in Risk
At least 3 years of experience with Risk Management Frameworks
(RMF)
At least 3 years of experience in cybersecurity, risk, or
technology industry standards (ISO 27001, NIST CSF and 800 series,
MITRE ATT&CK, MITRE D3FEND, FFIEC, COBIT, PCI-DSS, or FAIR)
At least 3 years of experience developing, evaluating, or
implementing cybersecurity, information technology, or risk
assessment activities
Preferred Qualifications:
Bachelor's Degree
1+ years of experience with cloud risk, governance, control, and
security
CISA, CISM, CRISC, or CISSP Certification
At this time, Capital One will not sponsor a new applicant for
employment authorization, or offer any immigration related support
for this position (i.e. H1B, F-1 OPT, F-1 STEM OPT, F-1 CPT, J-1,
TN, or another type of work authorization).
Capital One offers a comprehensive, competitive, and inclusive set
of health, financial and other benefits that support your total
well-being. Learn more at the Capital One Careers website.
Eligibility varies based on full or part-time status, exempt or
non-exempt status, and management level.
This role is expected to accept applications for a minimum of 5
business days. No agencies please. Capital One is an equal
opportunity employer committed to diversity and inclusion in the
workplace. All qualified applicants will receive consideration for
employment without regard to sex (including pregnancy, childbirth
or related medical conditions), race, color, age, national origin,
religion, disability, genetic information, marital status, sexual
orientation, gender identity, gender reassignment, citizenship,
immigration status, protected veteran status, or any other basis
prohibited under applicable federal, state or local law. Capital
One promotes a drug-free workplace. Capital One will consider for
employment qualified applicants with a criminal history in a manner
consistent with the requirements of applicable laws regarding
criminal background inquiries, including, to the extent applicable,
Article 23-A of the New York Correction Law; San Francisco,
California Police Code Article 49, Sections 4901-4920; New York
City's Fair Chance Act; Philadelphia's Fair Criminal Records
Screening Act; and other applicable federal, state, and local laws
and regulations regarding criminal background inquiries. If you have
visited our website in search of information on employment
opportunities or to apply for a position, and you require an
accommodation, please contact Capital One Recruiting at
1-800-304-9102 or via email at
RecruitingAccommodation@capitalone.com. All information you provide
will be kept confidential and will be used only to the extent
required to provide needed reasonable accommodations.
For technical support or questions about Capital One's recruiting
process, please send an email to Careers@capitalone.com
Capital One does not provide, endorse nor guarantee and is not
liable for third-party products, services, educational tools or
other information available through this site.
Capital One Financial is made up of several different entities.
Please note that any position posted in Canada is for Capital One
Canada, any position posted in the United Kingdom is for Capital
One Europe and any position posted in the Philippines is for
Capital One Philippines Service Corp. (COPSSC).